
Group-IB Exposes Hacker Group GambleForce Targeting APAC Websites with SQL Injections


Group-IB has discovered a previously unknown threat actor codenamed GambleForce, tracked under the name EagleStrike GambleForce in Group-IB’s Threat Intelligence Platform. Group-IB’s Threat Intelligence unit can confirm that, since emerging in September 2023, the group has targeted more than 20 gambling, government, retail and travel websites in Australia, China, India, Indonesia, the Philippines, South Korea, Thailand, and Brazil. 

GambleForce uses a set of basic yet very effective techniques, including SQL injections and the exploitation of vulnerable website content management systems (CMS) to steal sensitive information, such as user credentials. The name, GambleForce, was coined due to the group’s initial targets being from the gambling industry.

GambleForce’s command and control server (CnC), which was discovered by Group-IB’s Threat Intelligence team, was taken down by the company’s Computer Emergency Response Team (CERT-GIB). Additionally, Group-IB has issued notifications to the identified victims.

Nikita Rostovcev, Senior Analyst, Advanced Persistent Threat Research Team, Group-IB

Web injections are among the oldest and most popular attack vectors. The reason is that sometimes developers overlook the importance of input security and data validation. Insecure coding practices, incorrect database settings, and outdated software create a fertile environment for SQL injection attacks on web applications.

Author

Andrea Y. Lavannya is the Senior Editor and Vertical Analyst - Telco and Techco, at The Fast Mode. Andrea covers global telecom markets, operator revenue strategies and emerging business areas, and heads thought leadership development in areas relating to CSPs, MNOs, MVNOs, MVNEs and cable.
